Data of 700 million LinkedIn users currently being sold on a hacker forum

Personal information of around 700 million LinkedIn users has been found being sold on the dark web. The information includes full names, email addresses, phone numbers, gender, physical addresses, and other data. The leak comes mere months after the information of 500 million LinkedIn users was sold on a hacker forum.

 

 

The data leak, first reported by PrivacySharks, contains information of 700 million LinkedIn users, 92% of the total 756 million. The database is currently being sold on a hacker forum by a user named TomLiner. In the forum post made on June 22, 2021, TomLiner claimed to have 700 million LinkedIn records and included a sample containing data of 1 million users. Researchers from PrivacySharks were able to verify that the sample does, in fact, contain the personal information of LinkedIn users. Full names, email addresses, phone numbers, gender, physical addresses, geolocation records, LinkedIn usernames, profile URLs, professional experience and background, and other social media usernames are included in the database.

Leonna Spilman, LinkedIn’s Corporate Communications Manager, said in a statement to PrivacySharks that rather than a data breach, the information was scraped from LinkedIn.

“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected,” Spilman said in the official statement to PrivacySharks.

Users whose data is leaked are at increased risk of being targeted by cyber crooks

While it does not appear that private messages or credit card information were leaked, users whose data is part of the database being sold on the dark web have a much higher risk of being targeted by spam/scam and phishing campaigns, and may even become victims of identity theft. The leaked information could be used to get even more details, such as banking information. For example, a victim whose phone number and full name have been leaked may receive a phone call from someone claiming to be a bank or the police. The caller would identify the victim by name and then proceed to lie about possible suspicious money transactions. The victim, assured by the usage of their name, may end up providing their banking information, including passwords and codes, to the caller.

Malicious parties can also use this leaked information to perform more sophisticated phishing scams. If someone is targeted specifically, knowing their full name and using it in a phishing email makes the attempt much more believable. These are just a couple of examples of the kinds of scams victims of data leaks may encounter.

Users whose information has been leaked, and not just in this LinkedIn incident, should be particularly cautious with unknown emails and phone calls. HaveIBeenPwned is a good tool to check whether your information has ever been leaked or part of a data breach.

Finally, while passwords do not appear to have been leaked, it’s highly recommended to change your LinkedIn password and enable two-factor authentication. Furthermore, if your LinkedIn password is used anywhere else, changing those passwords is also a good idea. Though keep in mind that you should not use the same password for multiple accounts because no matter how strong it is, it’s still a liability.